vulnerability

Cisco APIC: CVE-2020-3333: Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jun 3, 2020

Added

May 11, 2026

Modified

May 11, 2026

Description

A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device.

Solution

cisco-apic-update-latest

References

CVE-2020-3333
https://attackerkb.com/topics/CVE-2020-3333
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-APIC-EPU-F8y5kUOP
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-24604
CISCO-cisco-sa-APIC-EPU-F8y5kUOP
CWE-306
EUVD-EUVD-2020-24604

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report